sign_rpm: Allow pkg signing by chunks through RPM_GPG_SIGN_CHUNK

Commit d58b1d196 moved from chunk to serial signing, but neither of both approaches allowed the user to select the chunks size. This patch allows the user to select a chunk size through RPM_GPG_SIGN_CHUNK defaulting to BB_NUMBER_THREADS, considered a good default. Indirectly, this change reduces the number of processes spawn to number-of-packages/RPM_GPG_SIGN_CHUNK. (From OE-Core rev: f7f78e73f1cd15f4233a231364b14438af758628) Signed-off-by: Leonardo Sandoval <leonardo.sandoval.gonzalez@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2026-01-29 21:08:42 +01:00 · 2017-08-17 10:12:27 -07:00
parent c0a7913bfe
commit e461f32d68
2 changed files with 10 additions and 5 deletions
--- a/meta/classes/sign_rpm.bbclass
+++ b/meta/classes/sign_rpm.bbclass
@@ -19,9 +19,12 @@
 # GPG_BIN
 #           Optional variable for specifying the gpg binary/wrapper to use for
 #           signing.
+# RPM_GPG_SIGN_CHUNK
+#           Optional variable indicating the number of packages used per gpg
+#           invocation
 # GPG_PATH
 #           Optional variable for specifying the gnupg "home" directory:
-#
+
 inherit sanity

 RPM_SIGN_PACKAGES='1'
@@ -29,6 +32,7 @@ RPM_SIGN_FILES ?= '0'
 RPM_GPG_BACKEND ?= 'local'
 # SHA-256 is used by default
 RPM_FILE_CHECKSUM_DIGEST ?= '8'
+RPM_GPG_SIGN_CHUNK ?= "${BB_NUMBER_THREADS}"


 python () {
@@ -56,6 +60,7 @@ python sign_rpm () {
                     d.getVar('RPM_GPG_NAME'),
                     d.getVar('RPM_GPG_PASSPHRASE'),
                     d.getVar('RPM_FILE_CHECKSUM_DIGEST'),
+                     int(d.getVar('RPM_GPG_SIGN_CHUNK')),
                     d.getVar('RPM_FSK_PATH'),
                     d.getVar('RPM_FSK_PASSWORD'))
 }
--- a/meta/lib/oe/gpg_sign.py
+++ b/meta/lib/oe/gpg_sign.py
@@ -27,7 +27,7 @@ class LocalSigner(object):
            raise bb.build.FuncFailed('Failed to export gpg public key (%s): %s' %
                                      (keyid, output))

-    def sign_rpms(self, files, keyid, passphrase, digest, fsk=None, fsk_password=None):
+    def sign_rpms(self, files, keyid, passphrase, digest, sign_chunk, fsk=None, fsk_password=None):
        """Sign RPM files"""

        cmd = self.rpm_bin + " --addsign --define '_gpg_name %s'  " % keyid
@@ -45,9 +45,9 @@ class LocalSigner(object):
            if fsk_password:
                cmd += "--define '_file_signing_key_password %s' " % fsk_password

-        # Sign packages
-        for f in files:
-            status, output = oe.utils.getstatusoutput(cmd + ' ' + f)
+        # Sign in chunks
+        for i in range(0, len(files), sign_chunk):
+            status, output = oe.utils.getstatusoutput(cmd + ' '.join(files[i:i+sign_chunk]))
            if status:
                raise bb.build.FuncFailed("Failed to sign RPM packages: %s" % output)